Imagine NFL football before Don “Red Dog” Ettinger changed the game by “blitzing” linebackers into the opposing team’s backfield, or hockey before Bobby Orr showed that a defenceman can be the most effective offensive player on the ice.
If you want to change the game, you can’t afford to sit back and let the other guy come at you.
Threat hunting in cybersecurity has turned the game on its head as much as Ettinger’s blitzes or Orr’s end-to-end rushes.
New techniques demand new responses.
Traditional threat detection was a passive approach, based on the idea that bad actors could only be identified once they became active. Proactive threat hunting begins from the premise that your IT infrastructure has either already been breached, or will be at some point, and responds effectively to the advanced attack vectors used by today’s cyber criminals.
Attackers now move laterally through networks, accessing data and using persistence techniques. They also inject malware into backups, then launch a ransomware attack on several fronts, making it difficult to clean up and determine exactly what happened. Typically, threat actors will push phishing emails out during busy times, hoping employees will click on a link or open an attachment. Once they’ve established a presence in your environment they’ll wait for an off-peak time to launch a ransomware attack.
In that type of scenario—increasingly common across various business sectors—attackers can lurk in your environment undetected unless you’re actively looking for their telltale signs.
Switching from defence to offence.
Although cyber threat hunting was initially based on manual processes, analyzing data to build assumptions about potential threats, OpenText’s MxDR threat detection employs multiple approaches to ensure your entire infrastructure is free of threats.
Among the advanced tactics OpenTextTM uses are:
- Behavioral analysis that goes well beyond typical UBA, using cognitive science, human behavioral analytics, and human psychology to understand how humans work and interact with technology.
- Anomaly detection rules based on MITRE ATT&CK.
- Up-to-the-minute tactics, techniques, and procedures (TTPs) deployed by threat actors.
- Correlation of data sets of known malicious files and data points identified from ingested log sources.
By leveraging multiple technologies, including threat intelligence, with our next-generation security information and event management (SIEM) OpenText’s MxDR can completely understand the scope and impact of any security event. The more data we have, the more data sets we can analyze and conduct threat hunting.
When we see something happening in one of our environments, we sweep through all our client’s data to make sure it doesn’t exist elsewhere. We utilize 500+ detection sets within your environment, as well as more than 285 million sensors across the public Internet, to provide real-time, multi-point threat detection.
Once OpenText MxDR identifies TTPs related to a new malware that’s targeting a particular environment we can apply that TTP to all our clients and notify them immediately. We fully integrate OpenText BrightCloud Threat Intelligence into our MxDR platform, which provides valuable loopback information.
Always on. Always vigilant.
OpenText MxDR combines best-in-breed technologies with security personnel who have more than 15 years of experience working in breach response investigations and malware analysis.
We provide you with active monitoring and intelligence-based detection of the latest threats delivering a 7-minute mean time-to-detection rate.
Once a threat is detected, our team of experts conducts an in-depth investigation to identify the origin of compromise, the extent of the breach, and its intent. We give you your most critical alerts, and only the alerts that truly matter. OpenText’s outstanding TTPs ensure you won’t get thousands of false positive alerts.
Use unmatched security workflows that reduce alert and event noise with zero false positives, saving analysts valuable time and providing confidence in any findings.
With OpenText’s MxDR you get unparalleled detection, faster root cause analysis, and actionable results. Find potential trouble and stop it fast—anywhere on your entire IT infrastructure.